Re: Possible DigiCert in-addr.arpa Mis-issuance

2019-03-01 Thread George Macon via dev-security-policy
On 2/28/19 12:52 AM, Jeremy Rowley wrote: > 4. The validation agent specified the approval scope as id-addr.arpa which is > normal for a domain approved by the admin listed in WHOIS. As a constructed > email, the approval scope should have been limited to the scope set by the > constructed

Re: Reply: Certificate Problem Report (9WG: CFCA certificate with invalid domain)

2019-03-01 Thread David E. Ross via dev-security-policy
On 2/28/2019 7:45 PM, 孙圣男 wrote: > Dear Mozilla: > This problem had been confirmed. We contacted the customer and > confirmed this certificate hasn't been deployed to a production system, no > damage is caused. This certificate had been revoked in March 1, 2019. We had > fixed this bug in

Re: DarkMatter Concerns

2019-03-01 Thread ravenise005--- via dev-security-policy
I have removed these malicious certificates from Firefox and Windows machine and contacted various Anti-Virus companies requesting they mark these certificates as malicious in their scans. I suggest others do the same! Thank you for bringing this to my attention.

Google Trust Services and EJBCA serial number behavior

2019-03-01 Thread Ryan Hurst via dev-security-policy
Dear m.d.s.p, We at Google Trust Services have been following the thread discussing Dark Matter’s root inclusion request. In particular the elements of the thread that discuss the EJBCA serial number generation logic stood out to us. This is because we use EJBCA for some of our own CAs. This

Re: Incident report for DarkMatter CA - change to 128-bit serialNumbers

2019-03-01 Thread Wayne Thayer via dev-security-policy
Thank you for the detailed incident report Scott. I have created https://bugzilla.mozilla.org/show_bug.cgi?id=1531800 to track this issue, and attributed it to QuoVadis as the responsible root CA program member. On Thu, Feb 28, 2019 at 4:43 PM Scott Rea via dev-security-policy <

Re: Possible DigiCert in-addr.arpa Mis-issuance

2019-03-01 Thread Wayne Thayer via dev-security-policy
https://bugzilla.mozilla.org/show_bug.cgi?id=1531817 has been created to track this issue. On Wed, Feb 27, 2019 at 10:52 PM Jeremy Rowley via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hi Cynthia, > > We've figured out what happened with your certificate but are still

RE: Possible DigiCert in-addr.arpa Mis-issuance

2019-03-01 Thread Jeremy Rowley via dev-security-policy
Thanks Wayne From: Wayne Thayer Sent: Friday, March 1, 2019 10:00 AM To: Jeremy Rowley Cc: mozilla-dev-security-policy Subject: Re: Possible DigiCert in-addr.arpa Mis-issuance https://bugzilla.mozilla.org/show_bug.cgi?id=1531817 has been created to track this issue. On Wed, Feb

Re: DarkMatter Concerns

2019-03-01 Thread Ryan Sleevi via dev-security-policy
On Thu, Feb 28, 2019 at 7:31 PM Matthew Hardeman wrote: > Regarding program policy as it now stands, it is not unreasonable to > arrive at a position that the root program would be better positioned to > supervise and sanction DarkMatter as a member Root CA than as a trusted > SubCA. For

Re: Public CA:certs with unregistered FQDN mis-issuance

2019-03-01 Thread Jakob Bohm via dev-security-policy
On 28/02/2019 17:48, lcchen.ci...@gmail.com wrote: 1. How your CA first became aware of the problem (e.g. via a problem report submitted to your Problem Reporting Mechanism, a discussion in mozilla.dev.security.policy, a Bugzilla bug, or internal self-audit), and the time and date. Ans:

Re: Possible DigiCert in-addr.arpa Mis-issuance

2019-03-01 Thread Jakob Bohm via dev-security-policy
On 01/03/2019 01:04, Matthew Hardeman wrote: > In addition to the GDPR concerns over WHOIS and RDAP data, reliance upon > these data sources has a crucial differentiation from other domain > validation methods. > > Specifically, the WHOIS/RDAP data sources are entirely "off-path" with > respect